About the job

Summary

The role of the Government Security Centre People and Physical (GSCPP) is to help government departments to understand and manage the security risks they are facing and improve their security in line with government-wide standards and policies. They need a simple route to obtain expert advice and operational support, led from the centre to ensure consistency of approach to handle complex security risks effectively and meet government standards.

We are one of five Government Security Centres providing security advice and consultancy services to government departments. We provide an integrated and accessible service of expert protective security advice. We achieve this by working in strategic partnership with the Centre for the Protection of National Infrastructure (CPNI) and in collaboration with the other National Technical Authorities (NTAs) and the various entities within the Government Security Function.

GSCPP directly supports the mission of the Government Security Function, which is ‘to enable government to protect citizens and provide vital public services, by understanding and managing security risks’.

Job description

Insider risk is the potential for an individual who has (or had) authorised access to an organisation’s assets, to use their access either maliciously or unintentionally to harm the organisation. The application of good people security is designed to mitigate the insider risk. The service will deliver authoritative protective people security advice to reduce departmental/organisational vulnerabilities and mitigate the insider threat.

GCPP will receive and feedback information from central or third-party security functions, such as the National Technical Authorities (NTAs), Cabinet Office, Intelligence Agencies, private industry, and academia. The service will disseminate its expertise to government organisations including the provision of specialised advisory services to Departments needing to enhance/review security standards.

There is the capacity to work from home as part of the hybrid model, and occasional travel to other offices will be required at times, these may also include the occasional overnight stay.

Responsibilities

There are three broad categories:

1) Providing expert tailored people security advice to the public sector

You will be required to:

a. Provide proportional, practical security advice, based on the security risks that face the public sector, aligns with relevant regulation, policy and standards and is tailored to the local needs and environment. You will need to remain responsive and adaptable to the changing threat environment, business requirements and central HMG policies.

b. Work with organisations to assess the efficiency and effectiveness of the insider risk processes across the organisation and make recommendations for continual improvement.

c. Develop and maintain effective relationships with Senior Security Advisors (SSAs), and Chief Security Officers (CSOs), in order to support them in raising security standards across their departments, by developing and delivering people security initiatives.

d. Establish and maintain effective relationships with senior board members and key partners to ensure protective security receives the necessary support. This may include providing board briefings on insider risk, support senior officials on identifying key risks and designing mitigation in conjunction with central policy and standards and assistance with implementation of recommendations.

e. Identify holistic requirements or mitigations for insider risk security threats and work closely with colleagues from the GSCPP Physical team, IT (including cyber) and other security fields, other government security centres and HR to deliver appropriate, proportionate and cost-effective advice.

f. Identify requirements or mitigations for personal safety and security and work closely with experts to deliver appropriate, proportionate and cost-effective advice.

g. Deliver the core operational services include conducting Personnel Security Maturity Model (PSMM) assessments, Insider Risk Indicator Tool (IRIT) assessments, Critical Asset and Risk Assessment Tool (CARA) and running risk workshops as well as responding to tailored requirements.

2) Raise the standard of insider risk security implementation across the public sector:

a. Promote common standards and alignment of security policy and practice across government. Identifying risks and applying risk assessment methodology.

b. Contribute to developing and applying new concepts and potential solutions to existing and emerging challenges across the security piece. This could involve leading engagement with other specialisms/enablers, facilitating meetings and workshops as needed to disseminate information and enhance security standards.

c. Maintain and develop relationships with the intelligence agencies, NTAs and other key partners to ensure that appropriate information and support is fed between the relevant partners.

d. Forge alignment with counterparts in the other government security centres.

e. Promote insider risk security as a business enabler.

3) Establish, develop and improve GSCPP advisory services:

a. Appropriately respond to requests for specialist insider risk advice and consultancy services which may include ongoing engagement with the government department or organisation concerned.

b. Maintain awareness of current and emerging technologies and practices and their impact on existing security practices.

c. Champion learning, development and accreditation, both for yourself and others. Cultivate talent and champion an inclusive, diverse and motivated workforce and contribute to the development of the specialism. As a senior member of the team, the role requires project management skills at a higher level to define clear processes and ensure these are implemented across the business.

d. Ensure timely and effective communication to a high standard with senior leaders to demonstrate project development at all stages.

e. Produce regular quality written progress reports to a high standard that assess risk in line with appropriate standards and policies.

Note: This is not an exclusive or exhaustive list, and the post holder will be required to perform additional duties reasonably expected of them within the scope of the grade and within the limits of their skill, competence and training.

The ideal candidate will have a good understanding of risk management and be comfortable in a consultancy role providing guidance and advice as part of a cross government shared service. The will be able to write clear and articulate reports and be excellent at forming relationships and working collaboratively with a range of partners.

This person will work autonomously and in a team and will have the self-motivation to be proactive in making progress and improvements.

Essential criteria

• Understanding of people security (which may come from roles in HR, Vetting, protective security, internal audit, intelligence).

• Understanding of people risk protective security including security threats, insider risks, and security risk management.

• Ability to operate in a consultancy role to provide strategic and operational advice: good personal engagement; excellent listening skills; excellent verbal and written communication that could be delivered to senior partners, such as permanent secretaries; ability to manage upwards; ability to understand influencers and work autonomously and at pace within Government Organisations to inspire change.

• Strong assessment skills; demonstrating perception and proportionality and strong drafting skills for report writing.

Desirable criteria

• Experience of working in protective security.

• Good working knowledge of HMG insider risk Security requirements.

• Experience of conducting insider risk assessments.

• Highly organised with ability to multi-task and utilising innovative methods.

• HR experience and understanding of employment law.

• Understanding of CPNI personnel security & insider threat modelling.

• Ability to assess costs and provide advice on procurement.

• Broad understanding of physical security procedures.

• Basic knowledge of Information/Cyber Security.

Behaviours

We'll assess you against these behaviours during the selection process:

• Communicating and Influencing
• Making Effective Decisions
• Delivering at Pace
• Seeing the Big Picture

We only ask for evidence of these behaviours on your application form:

• Communicating and Influencing
• Making Effective Decisions